{"containers": {"cna": {"affected": [{"product": "puma", "vendor": "puma", "versions": [{"status": "affected", "version": "< 3.12.5"}, {"status": "affected", "version": ">= 4.0.0, < 4.3.4"}]}], "descriptions": [{"lang": "en", "value": "In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-07T12:06:28.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd"}, {"name": "openSUSE-SU-2020:0990", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"}, {"name": "openSUSE-SU-2020:1001", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"}, {"name": "FEDORA-2020-fe354f24e8", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"}, {"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"}], "source": {"advisory": "GHSA-x7jg-6pwg-fx5h", "discovery": "UNKNOWN"}, "title": "HTTP Smuggling via Transfer-Encoding Header in Puma", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-11076", "STATE": "PUBLIC", "TITLE": "HTTP Smuggling via Transfer-Encoding Header in Puma"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "puma", "version": {"version_data": [{"version_value": "< 3.12.5"}, {"version_value": ">= 4.0.0, < 4.3.4"}]}}]}, "vendor_name": "puma"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h", "refsource": "CONFIRM", "url": "https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h"}, {"name": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22", "refsource": "MISC", "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"}, {"name": "https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd", "refsource": "MISC", "url": "https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd"}, {"name": "openSUSE-SU-2020:0990", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"}, {"name": "openSUSE-SU-2020:1001", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"}, {"name": "FEDORA-2020-fe354f24e8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"}, {"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"}]}, "source": {"advisory": "GHSA-x7jg-6pwg-fx5h", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:21:14.684Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd"}, {"name": "openSUSE-SU-2020:0990", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"}, {"name": "openSUSE-SU-2020:1001", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"}, {"name": "FEDORA-2020-fe354f24e8", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"}, {"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-11076", "datePublished": "2020-05-22T14:50:12.000Z", "dateReserved": "2020-03-30T00:00:00.000Z", "dateUpdated": "2024-08-04T11:21:14.684Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "94D6645C-59B2-466F-A147-B23EF284DEBA", "versionEndExcluding": "3.12.6", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "916E4164-0951-4145-85D6-684EF781F13A", "versionEndExcluding": "4.3.5", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4."}, {"lang": "es", "value": "En Puma (RubyGem) versiones anteriores a 4.3.4 y 3.12.5, un atacante podr\u00eda hacer pasar sin autorizaci\u00f3n una respuesta HTTP, mediante el uso de un encabezado de codificaci\u00f3n transfer no v\u00e1lido. El problema ha sido corregido en Puma versi\u00f3n 3.12.5 y Puma versi\u00f3n 4.3.4."}], "id": "CVE-2020-11076", "lastModified": "2024-11-21T04:56:44.090", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-22T15:15:11.363", "references": [{"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"bugzilla": {"description": "rubygem-puma: HTTP Smuggling via an invalid Transfer-Encoding Header", "id": "1842539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842539"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-444", "details": ["In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.", "A flaw was found in rubygem-puma. An attacker could smuggle an HTTP response, by using an invalid transfer-encoding header."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-11076", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Will not fix", "impact": "low", "package_name": "rubygem-puma", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "rubygem-puma", "product_name": "Red Hat Storage 3"}], "public_date": "2020-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-11076\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11076\nhttps://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h"], "statement": "Red Hat Gluster Storage 3 Web Administration component uses affected RubyGem Puma, which does not have the http body chunk verification.", "threat_severity": "Moderate"}

{}